US20170161097A1 - Method for creating a hypervisor unit for embedded systems - Google Patents

Method for creating a hypervisor unit for embedded systems Download PDF

Info

Publication number
US20170161097A1
US20170161097A1 US15/309,638 US201515309638A US2017161097A1 US 20170161097 A1 US20170161097 A1 US 20170161097A1 US 201515309638 A US201515309638 A US 201515309638A US 2017161097 A1 US2017161097 A1 US 2017161097A1
Authority
US
United States
Prior art keywords
system resource
unit
during
hypervisor
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US15/309,638
Other versions
US10430231B2 (en
Inventor
Andrew Borg
Gary Morgan
Holger Broede
Jochen Haerdtlein
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Robert Bosch GmbH filed Critical Robert Bosch GmbH
Assigned to ROBERT BOSCH GMBH reassignment ROBERT BOSCH GMBH ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BORG, ANDREW, MORGAN, GARY, HAERDTLEIN, JOCHEN, BROEDE, HOLGER
Publication of US20170161097A1 publication Critical patent/US20170161097A1/en
Application granted granted Critical
Publication of US10430231B2 publication Critical patent/US10430231B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W50/00Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23Updating
    • G06F17/30002
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/22Microcontrol or microprogram arrangements
    • G06F9/223Execution means for microinstructions irrespective of the microinstruction function, e.g. decoding of microinstructions and nanoinstructions; timing of microinstructions; programmable logic arrays; delays and fan-out problems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061Partitioning or combining of resources
    • G06F9/5077Logical partitioning of resources; Management or configuration of virtualized resources

Definitions

  • the present invention relates to a method for creating a hypervisor unit and to a hypervisor unit.
  • Hypervisor units are configured during the run time of the hypervisor unit. This means that the existing hypervisor units generate objects or instances for virtual operation environments during the run time in a dynamic manner.
  • microcontrollers Furthermore, conventional embedded systems generally include microcontrollers.
  • the hypervisor unit in the present method is created during the translation time as a function of properties of applications and as a function of at least one property of the control unit, it is advantageously possible to use only the program code for creating the hypervisor unit that is actually also required during the run time. In the embedded system sector and particularly when using a microcontroller, this provides the special advantage that the limited hardware resources may be utilized in the most optimal manner possible.
  • the configuration of the hypervisor unit during the run time is avoided, so that computing time is available to the applications instead of the hypervisor unit.
  • this method and the introduced hypervisor can satisfy the real-time demands that predominate in the automotive sector. It can therefore be ensured, for example, that an engine control and an anti-lock braking system control are executed in a safe and reliable manner on the same control unit.
  • Another advantage is the possibility of reducing the number of control units in the motor vehicle, so that the wiring expense, in particular, can be reduced considerably.
  • providing the hypervisor unit makes it possible to reuse already existing software. In the migration of multiple control units to a single control unit, for example, the software of the multiple control units can be used again.
  • a virtual system resource is provided for a first system resource of the control unit during the translation time. Because of the virtual system resource, actual or real system resources of the control unit that are accessed by two applications can therefore be virtualized in an advantageous manner.
  • the hypervisor unit is created during the translation time, such that only the first application is able to get direct access to a second system resource during the run time, while the second system resource is blocked for the second application during the run time.
  • This is implemented as a function of the first, second and third properties and advantageously ensures exclusive use of the second system resource by the first application, so that only system resources that are used by both applications during the run time must advantageously be virtualized during the translation time.
  • FIG. 1 shows in schematic form, three control units.
  • FIG. 2 shows in schematic form, one of the control units.
  • FIG. 3 shows a method for creating a hypervisor unit.
  • FIG. 1 shows three control units 2 , 4 and 6 .
  • Control units 2 and 4 are control units from the related art, and control unit 6 is a control unit according to the present invention.
  • Control units 2 and 4 include a single processor 8 a and 8 b in each case.
  • Application software 10 a and 10 b which is independent of the control unit, is executed on respective processor 8 a , 8 b via an operating system 12 a , 12 b and basic software 14 a and 14 b specific to the control unit.
  • Control units 2 and 4 are implemented separately and, for example, provide functionalities such as an engine control, a transmission control or an anti-lock braking system functionality.
  • Control unit 6 includes two processor cores 16 a and 16 b .
  • a hypervisor unit 20 is situated between the computing unit having processor cores 16 a and 16 b , and application software 10 , operating system 12 and basic software 14 . This advantageously makes it possible for hypervisor unit 20 to continue to use, or reuse, in control unit 6 already existing software components, such as application software 10 , operating system 12 and basic software 14 , without any problems. Moreover, only one control unit 6 is required instead of two control units 2 and 4 .
  • FIG. 2 shows a control unit 6 in schematic form.
  • a microcontroller unit 22 of control unit 6 is equipped with processor cores 16 a and 16 b as well as a communications interface 24 .
  • Communications interface 24 for example, is an Ethernet interface, a FlexRay interface, or a CAN interface (CAN: Controller Area Network).
  • Hypervisor unit 20 includes a virtual system resource 26 , which provides communications interface 24 of a first application 30 and a second application 32 .
  • First application 30 encompasses application software 10 a , operating system 12 a and basic software 14 a .
  • Second application 32 includes application software 10 b , operating system 12 b , and basic software 14 b .
  • First application 30 is executed in a first virtual operating environment 34
  • second application form 30 is executed in a second virtual operating environment 36 .
  • hypervisor unit 20 provides a temporal and spatial separation with regard to the execution of the two applications 30 and 32 on microcontroller unit 22 of control unit 6 .
  • Virtual system resource 26 is developed in such a way that access by applications 30 , 32 to operating means 24 standing behind virtual operating means 26 is carried out according to a priority-scheduling method. From the point of view of applications 30 , 32 , each has unrestricted access to an exclusively utilized system resource. In reality, however, system resource 26 is merely a virtual system resource and controls the access of applications 30 and 32 to real system resource 24 . Each application 30 , 32 is assigned a period length. Applications 30 , 32 access the real, actually existing, system resource 24 as a function of the period length with the aid of virtual system resource 26 . The shorter the period length of application 30 , 32 , the higher its priority.
  • An application 30 , 32 that is to be executed frequently has a short period length and thus a higher priority.
  • An application 30 , 32 having a short period length and/or high priority thus is always able to interrupt an application 30 , 32 having a high period length and/or low priority.
  • virtual system resource 26 has assigned each application 30 , 32 minimum time slots at periodic time intervals for access to real, actually existing system resource 24 , which ensures a minimum access time per time interval to system resource 24 by respective application 30 , 32 . With the aid of minimum time slots it is possible to ensure guaranteed access of individual applications 30 , 32 to system resource 24 , so that they will not be stopped by another application 30 , 32 .
  • Communications interface 24 is also referred to as the first system resource of the control unit.
  • virtual system resource 26 makes an arbitration method available, through which virtual system resource 26 coordinates the access of applications 30 and 32 to communications interface 24 .
  • virtual system resource 26 of hypervisor unit 20 coordinates the reception of the data from communications interface 24 and the transmission of the data to the individual application 30 , 32 .
  • First processor core 16 a of microcontroller unit 22 is used only by application 30 , which accesses processor core 16 a directly.
  • Hypervisor unit 20 ensures that second application 32 will be blocked from accessing first processor core 16 a during the run time. Accordingly, hypervisor unit 20 ensures that access to second processor core 16 b by first application 30 will be blocked for the duration of the run time.
  • Hypervisor unit 20 thus provides a virtual system resource 26 to a first system resource 24 that is jointly used by the two applications 30 and 32 .
  • hypervisor unit 20 furthermore blocks access to this second system resource 16 a for second application 32 .
  • the coordinated access method, or arbitration method, of virtual system resource 26 for applications 30 and 32 is a priority scheduling method, a round-robin method, or some other arbitration method, for instance.
  • Applications 30 and 32 could be applications that had previously been configured for individual control units. As illustrated in FIG. 2 , for instance, applications 30 and 32 can be adopted without modifications provided the corresponding processor core 16 a and 16 b is essentially the same as that which previously existed on the individual control unit.
  • hypervisor unit 20 Since the required setpoint properties of applications 30 and 32 , which are also referred to as first and second properties respectively, and the actual property of control unit 6 , which is also referred to as third property, are already known to hypervisor unit 20 prior to the translation time, a hypervisor unit 20 is created in which only system resources are virtualized that are used by two applications 30 , 32 during the run time, such as communications interface 24 according to virtual system resource 26 .
  • Microcontroller unit 22 includes a processor core 24 and two communications interfaces 16 a and 16 b . Accordingly, virtual system resource 26 would therefore coordinate the access of applications 30 , 32 to the one processor core 24 , whereas communications interfaces 16 a and 16 b are able to be accessed directly through applications 30 , 32 .
  • system resources may be developed in different ways, are possible as well. It is possible, in particular, to subdivide the particular system resources into two categories during the translation time of hypervisor unit 20 , the first category identifying a system resource that is used by multiple applications 30 , 32 during the run time, and the second category providing direct access to the particular system resource by an individual application 30 , 32 .
  • hypervisor unit 20 will then be created during the translation time, such that hypervisor unit 20 provides a corresponding virtual system resource 26 for a particular system resource of the first category, and the actual system resource standing behind virtual system resource 26 is able to be used by multiple applications 30 , 32 during the run time.
  • System resources 16 a , 16 b and 24 may of course also involve a timer component, an analog-to-digital converter, which for instance includes an assigned sensor, a digital-to-analog converter, for example for generating an analog voltage/current signal, or some other peripheral device.
  • System resources 16 a , 16 b and 24 could naturally also be system resources outside of microcontroller unit 22 to which microcontroller unit 22 has access.
  • FIG. 3 schematically shows a method for creating hypervisor unit 20 .
  • a system description 42 is created or edited.
  • System description 42 includes the properties of applications 30 and 32 as well as the properties of control unit 6 or microcontroller unit 22 .
  • a consistency checker 44 checks system description 42 in order to ascertain whether a contradiction exists between the first property, the second property and the third property. This contradiction is logged according to a report 46 , and system description 42 is able to be adapted accordingly on the basis of the report.
  • system description 42 is stored as text or as an XML data set (XML: Extended Mark-up Language).
  • FIG. 3 describes the process of creating hypervisor unit 20 during the translation time.
  • a program code 51 is generated as a function of code templates 52 .
  • Code templates 52 include individual, previously prepared code segments that are generated as a function of applications 30 and 32 , i.e. the first and second properties, and as a function of the third property.
  • Program code 51 is compiled and linked with the aid of additional tools 54 , and hypervisor unit 20 is created in the process.
  • system description 42 includes setpoint demands in the form of the first and second properties. Therein, system description 42 includes an actual configuration according to the third property of control unit 6 or microcontroller unit 22 .

Abstract

A method for creating a hypervisor unit for a control unit is described. The hypervisor unit is designed to execute two applications on the control unit during a run time. The hypervisor unit is created during a translation time as a function of a first property of the first application, as a function of a second property of the second application, and as a function of a third property of the control unit.

Description

    FIELD
  • The present invention relates to a method for creating a hypervisor unit and to a hypervisor unit.
    • BACKGROUND INFORMATION
  • Conventional hypervisor units are configured during the run time of the hypervisor unit. This means that the existing hypervisor units generate objects or instances for virtual operation environments during the run time in a dynamic manner.
  • Furthermore, conventional embedded systems generally include microcontrollers.
    • SUMMARY
  • Features of example embodiments of the present invention are described herein and are shown in the figures. The features may be important both on their own and in various combinations in the context of the present invention, without any additional specific reference being made in this regard.
  • Because of the fact that the hypervisor unit in the present method is created during the translation time as a function of properties of applications and as a function of at least one property of the control unit, it is advantageously possible to use only the program code for creating the hypervisor unit that is actually also required during the run time. In the embedded system sector and particularly when using a microcontroller, this provides the special advantage that the limited hardware resources may be utilized in the most optimal manner possible.
  • Money savings can be realized, in particular, because no provisions have to be made for processor cores of unnecessarily large dimensions, for working memories or other hardware resources. The execution time can advantageously be reduced in addition since the properties of the applications and the properties of the control unit are already known prior to the run time of the hypervisor unit and are able to be taken into account.
  • In an advantageous manner, the configuration of the hypervisor unit during the run time is avoided, so that computing time is available to the applications instead of the hypervisor unit. On account of this saved virtualization step during the run time, this method and the introduced hypervisor can satisfy the real-time demands that predominate in the automotive sector. It can therefore be ensured, for example, that an engine control and an anti-lock braking system control are executed in a safe and reliable manner on the same control unit.
  • Another advantage is the possibility of reducing the number of control units in the motor vehicle, so that the wiring expense, in particular, can be reduced considerably. Moreover, providing the hypervisor unit makes it possible to reuse already existing software. In the migration of multiple control units to a single control unit, for example, the software of the multiple control units can be used again.
  • In one advantageous specific development of the method, a virtual system resource is provided for a first system resource of the control unit during the translation time. Because of the virtual system resource, actual or real system resources of the control unit that are accessed by two applications can therefore be virtualized in an advantageous manner.
  • In one advantageous development, the hypervisor unit is created during the translation time, such that only the first application is able to get direct access to a second system resource during the run time, while the second system resource is blocked for the second application during the run time. This is implemented as a function of the first, second and third properties and advantageously ensures exclusive use of the second system resource by the first application, so that only system resources that are used by both applications during the run time must advantageously be virtualized during the translation time.
  • Further features, application possibilities and advantages of the present invention result from the following description of exemplary embodiments of the present invention, which are illustrated in the figures. All described and illustrated features, either shown on their own or in any combination, form the subject matter of the present invention, regardless of their combination in the patent claims or their antecedent references, and also regardless of their wording or presentation in the description or in the drawing. The same reference numerals are used in all of the figures for functionally equivalent variables and features, even if the specific embodiments differ.
  • Exemplary specific embodiments of the present invention are discussed below with reference to the figures.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 shows in schematic form, three control units.
  • FIG. 2 shows in schematic form, one of the control units.
  • FIG. 3 shows a method for creating a hypervisor unit.
    •  DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS
  • FIG. 1 shows three control units 2, 4 and 6. Control units 2 and 4 are control units from the related art, and control unit 6 is a control unit according to the present invention. Control units 2 and 4 include a single processor 8 a and 8 b in each case. Application software 10 a and 10 b, which is independent of the control unit, is executed on respective processor 8 a, 8 b via an operating system 12 a, 12 b and basic software 14 a and 14 b specific to the control unit. Control units 2 and 4 are implemented separately and, for example, provide functionalities such as an engine control, a transmission control or an anti-lock braking system functionality.
  • Control unit 6 according to the present invention, for instance, includes two processor cores 16 a and 16 b. A hypervisor unit 20 is situated between the computing unit having processor cores 16 a and 16 b, and application software 10, operating system 12 and basic software 14. This advantageously makes it possible for hypervisor unit 20 to continue to use, or reuse, in control unit 6 already existing software components, such as application software 10, operating system 12 and basic software 14, without any problems. Moreover, only one control unit 6 is required instead of two control units 2 and 4.
  • FIG. 2 shows a control unit 6 in schematic form. A microcontroller unit 22 of control unit 6 is equipped with processor cores 16 a and 16 b as well as a communications interface 24. Communications interface 24, for example, is an Ethernet interface, a FlexRay interface, or a CAN interface (CAN: Controller Area Network).
  • Hypervisor unit 20 includes a virtual system resource 26, which provides communications interface 24 of a first application 30 and a second application 32. First application 30 encompasses application software 10 a, operating system 12 a and basic software 14 a. Second application 32 includes application software 10 b, operating system 12 b, and basic software 14 b. First application 30 is executed in a first virtual operating environment 34, while second application form 30 is executed in a second virtual operating environment 36. According to bar 38, hypervisor unit 20 provides a temporal and spatial separation with regard to the execution of the two applications 30 and 32 on microcontroller unit 22 of control unit 6.
  • Virtual system resource 26 is developed in such a way that access by applications 30, 32 to operating means 24 standing behind virtual operating means 26 is carried out according to a priority-scheduling method. From the point of view of applications 30, 32, each has unrestricted access to an exclusively utilized system resource. In reality, however, system resource 26 is merely a virtual system resource and controls the access of applications 30 and 32 to real system resource 24. Each application 30, 32 is assigned a period length. Applications 30, 32 access the real, actually existing, system resource 24 as a function of the period length with the aid of virtual system resource 26. The shorter the period length of application 30, 32, the higher its priority. An application 30, 32 that is to be executed frequently has a short period length and thus a higher priority. An application 30, 32 having a short period length and/or high priority thus is always able to interrupt an application 30, 32 having a high period length and/or low priority. In addition, virtual system resource 26 has assigned each application 30, 32 minimum time slots at periodic time intervals for access to real, actually existing system resource 24, which ensures a minimum access time per time interval to system resource 24 by respective application 30, 32. With the aid of minimum time slots it is possible to ensure guaranteed access of individual applications 30, 32 to system resource 24, so that they will not be stopped by another application 30, 32.
  • Communications interface 24 is also referred to as the first system resource of the control unit. To transmit data and to access communications interface 24, virtual system resource 26 makes an arbitration method available, through which virtual system resource 26 coordinates the access of applications 30 and 32 to communications interface 24. To receive data from communications interface 24, virtual system resource 26 of hypervisor unit 20 coordinates the reception of the data from communications interface 24 and the transmission of the data to the individual application 30, 32.
  • First processor core 16 a of microcontroller unit 22 is used only by application 30, which accesses processor core 16 a directly. Hypervisor unit 20 ensures that second application 32 will be blocked from accessing first processor core 16 a during the run time. Accordingly, hypervisor unit 20 ensures that access to second processor core 16 b by first application 30 will be blocked for the duration of the run time.
  • Hypervisor unit 20 thus provides a virtual system resource 26 to a first system resource 24 that is jointly used by the two applications 30 and 32. For a second resource 16 a, which is used only by first application 30, hypervisor unit 20 furthermore blocks access to this second system resource 16 a for second application 32.
  • The coordinated access method, or arbitration method, of virtual system resource 26 for applications 30 and 32 is a priority scheduling method, a round-robin method, or some other arbitration method, for instance. Applications 30 and 32, for example, could be applications that had previously been configured for individual control units. As illustrated in FIG. 2, for instance, applications 30 and 32 can be adopted without modifications provided the corresponding processor core 16 a and 16 b is essentially the same as that which previously existed on the individual control unit.
  • Since the required setpoint properties of applications 30 and 32, which are also referred to as first and second properties respectively, and the actual property of control unit 6, which is also referred to as third property, are already known to hypervisor unit 20 prior to the translation time, a hypervisor unit 20 is created in which only system resources are virtualized that are used by two applications 30, 32 during the run time, such as communications interface 24 according to virtual system resource 26.
  • A further exemplary embodiment is explained on the basis of FIG. 2. Microcontroller unit 22, for instance, includes a processor core 24 and two communications interfaces 16 a and 16 b. Accordingly, virtual system resource 26 would therefore coordinate the access of applications 30, 32 to the one processor core 24, whereas communications interfaces 16 a and 16 b are able to be accessed directly through applications 30, 32.
  • Further exemplary embodiments, in which system resources may be developed in different ways, are possible as well. It is possible, in particular, to subdivide the particular system resources into two categories during the translation time of hypervisor unit 20, the first category identifying a system resource that is used by multiple applications 30, 32 during the run time, and the second category providing direct access to the particular system resource by an individual application 30, 32. For the first category of system resources, hypervisor unit 20 will then be created during the translation time, such that hypervisor unit 20 provides a corresponding virtual system resource 26 for a particular system resource of the first category, and the actual system resource standing behind virtual system resource 26 is able to be used by multiple applications 30, 32 during the run time.
  • System resources 16 a, 16 b and 24 may of course also involve a timer component, an analog-to-digital converter, which for instance includes an assigned sensor, a digital-to-analog converter, for example for generating an analog voltage/current signal, or some other peripheral device. System resources 16 a, 16 b and 24 could naturally also be system resources outside of microcontroller unit 22 to which microcontroller unit 22 has access.
  • FIG. 3 schematically shows a method for creating hypervisor unit 20. Using suitable editor tools 40, a system description 42 is created or edited. System description 42, in particular, includes the properties of applications 30 and 32 as well as the properties of control unit 6 or microcontroller unit 22. During the translation time, a consistency checker 44 checks system description 42 in order to ascertain whether a contradiction exists between the first property, the second property and the third property. This contradiction is logged according to a report 46, and system description 42 is able to be adapted accordingly on the basis of the report. For example, system description 42 is stored as text or as an XML data set (XML: Extended Mark-up Language). FIG. 3 describes the process of creating hypervisor unit 20 during the translation time.
  • In optimization step 48, memory areas may be combined, for instance. In a code generation step 50, a program code 51 is generated as a function of code templates 52. Code templates 52 include individual, previously prepared code segments that are generated as a function of applications 30 and 32, i.e. the first and second properties, and as a function of the third property. Program code 51 is compiled and linked with the aid of additional tools 54, and hypervisor unit 20 is created in the process.
  • With regard to applications 30 and 32, system description 42 includes setpoint demands in the form of the first and second properties. Therein, system description 42 includes an actual configuration according to the third property of control unit 6 or microcontroller unit 22.

Claims (12)

1-10. (canceled)
11. A method for creating a hypervisor unit for a control unit of a motor vehicle, at a translation time, the hypervisor unit being designed to execute two applications on the control unit during a run time, the method comprising:
creating the hypervisor unit during the translation time as a function of a first property of the first application, as a function of a second property of the second application, and as a function of a third property of the control unit.
12. The method as recited in claim 11, further comprising:
ascertaining a first system resource of the control unit being ascertained during the translation time as a function of the first, second and third properties, which is able to be used by the first and the second application during the run time, and a virtual system resource being created for the first system resource during the translation time, which provides a coordinated arbitration method during the run time for access to the first system resource, the coordinated arbitration method being a priority-scheduling method.
13. The method as recited in claim 11, further comprising:
ascertaining a second system resource during the translation time as a function of the first, second and third property, the second system resource being able to be used only by the first application during the run time, and the hypervisor unit being created during the translation time, in such a way that only the first of the applications has direct access to the second system resource during the run time, and the access to the second system resource is blocked for the second application during the run time.
14. The method as recited in claim 11, further comprising:
ascertaining a contradiction between a first property, the second property and the third property during the translation time, and logging the contradiction.
15. The method as recited in claim 11, wherein at least one of the first property and the second property includes at least one of: i) a setpoint processor type, ii) a setpoint number of processors, iii) a setpoint memory address, iv) a setpoint memory area, v) a setpoint interrupt configuration, vi) a setpoint communications interface, and vii) a setpoint peripheral device, and wherein the third property includes at least one of: i) an actual processor type, ii) an actual number of processors, iii) an actual memory address, iv) an actual memory area, v) an actual interrupt configuration, vi) an actual communications interface, and vii) an actual peripheral device.
16. A hypervisor unit for a control unit for a motor vehicle, the hypervisor unit being designed to execute two applications on the control unit during a run time, wherein the hypervisor unit provides a virtual system resource for a first system resource jointly used by the two applications, and for a second system resource which is used only by the first application, the hypervisor unit blocks the second system resource for the second application.
17. The hypervisor unit as recited in claim 16, wherein the first application accesses the second system resource directly.
18. The hypervisor unit as recited in claim 16, wherein the first and the second application access the first system resource by the virtual system resource of the hypervisor unit according to a coordinated arbitration method, the coordinated arbitration method being a priority scheduling method.
19. The hypervisor unit as recited in claim 16, wherein the second system resource is a first processor core, and the first system resource is a communications interface, the communications interface being one of a CAN, FlexRay or Ethernet interface, and the second system resource is a first communications interface, the first communications resource being one of a CAN, FlexRay or Ethernet interface, and the first system resource is a first processor core.
20. A control unit for a motor vehicle, the control unit having a digital computing unit configured to execute a hypervisor unit, the hypervisor unit being designed to execute two applications on the control unit during a run time, wherein the hypervisor unit provides a virtual system resource for a first system resource jointly used by the two applications, and for a second system resource which is used only by the first application, the hypervisor unit blocks the second system resource for the second application.
21. The control unit as recited in claim 20, wherein the digital computing unit is a microcontroller.
US15/309,638 2014-05-20 2015-05-20 Method for creating a hypervisor unit for embedded systems Active 2036-01-13 US10430231B2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
DE102014209592.1A DE102014209592A1 (en) 2014-05-20 2014-05-20 Method for creating a hypervisor unit and hypervisor unit
DE102014209592 2014-05-20
DE102014209592.1 2014-05-20
PCT/EP2015/061141 WO2015177226A1 (en) 2014-05-20 2015-05-20 Method for creating a hypervisor unit for embedded systems

Publications (2)

Publication Number Publication Date
US20170161097A1 true US20170161097A1 (en) 2017-06-08
US10430231B2 US10430231B2 (en) 2019-10-01

Family

ID=53267347

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/309,638 Active 2036-01-13 US10430231B2 (en) 2014-05-20 2015-05-20 Method for creating a hypervisor unit for embedded systems

Country Status (4)

Country Link
US (1) US10430231B2 (en)
CN (1) CN106462440B (en)
DE (1) DE102014209592A1 (en)
WO (1) WO2015177226A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102017100118A1 (en) 2017-01-04 2018-07-05 Connaught Electronics Ltd. Scalable control system for a motor vehicle

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7757231B2 (en) * 2004-12-10 2010-07-13 Intel Corporation System and method to deprivilege components of a virtual machine monitor
US8146107B2 (en) * 2007-07-10 2012-03-27 Mitel Networks Corporation Virtual machine environment for interfacing a real time operating system environment with a native host operating system
KR101400597B1 (en) * 2008-02-18 2014-05-27 휴렛-팩커드 디벨롭먼트 컴퍼니, 엘.피. Systems and methods of communicatively coupling a host computing device and a peripheral device
US8601129B2 (en) * 2010-06-30 2013-12-03 International Business Machines Corporation Hypervisor selection for hosting a virtual machine image

Also Published As

Publication number Publication date
US10430231B2 (en) 2019-10-01
CN106462440B (en) 2020-02-18
DE102014209592A1 (en) 2015-11-26
CN106462440A (en) 2017-02-22
WO2015177226A1 (en) 2015-11-26

Similar Documents

Publication Publication Date Title
Burgio et al. A software stack for next-generation automotive systems on many-core heterogeneous platforms
CN104820626A (en) Method for the coexistence of software having different safety levels in a multicore processor system
CN106941516B (en) Heterogeneous field device control management system based on industrial internet operating system
WO2017177695A1 (en) Method and system for development and integration of application in numerical control system
US9836318B2 (en) Safety hypervisor function
US20110022809A1 (en) Consolidated electronic control unit and relay program implemented in the same
CN101713970A (en) Method and systems for restarting a flight control system
US20160085567A1 (en) Method for executing an application program of an electronic control unit on a computer
Schätz et al. Automating design-space exploration: optimal deployment of automotive SW-components in an ISO26262 context
US9235456B2 (en) Configuration technique for an electronic control unit with intercommunicating applications
US11115232B2 (en) Method and device for operating a control unit
US20120215407A1 (en) Vehicle Management and Control System
US20160094158A1 (en) Method for power station simulation
Ruh et al. The need for deterministic virtualization in the industrial internet of things
US10430231B2 (en) Method for creating a hypervisor unit for embedded systems
CN114637598A (en) Vehicle controller and scheduling method of operating system thereof
EP4120082A1 (en) Automotive open system architecture, state management method, and device
WO2019063693A1 (en) Ros-based programmable logic controller, system and method
US20210216056A1 (en) Programmable logic controller and operating method for a programmable logic controller and computer program product
Zeller et al. Co-simulation of self-adaptive automotive embedded systems
CN116569139A (en) Vehicle-mounted computer, computer execution method and computer program
JP7017871B2 (en) Vehicle control simulation device
Owda et al. Hierarchical transactional memory Protocol for distributed mixed-criticality embedded systems
Senthilkumar et al. Optimized scheduling of multicore ECU architecture with bio-security CAN network using AUTOSAR
Buschho KRATOS-A Resource Aware, Tailored Operating System

Legal Events

Date Code Title Description
AS Assignment

Owner name: ROBERT BOSCH GMBH, GERMANY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BORG, ANDREW;MORGAN, GARY;BROEDE, HOLGER;AND OTHERS;SIGNING DATES FROM 20170119 TO 20170130;REEL/FRAME:041471/0108

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4